RE: OWA Password expires in 0 days
Title: FW: OWA Password expires in 0 days I got this when I did the critical updates. -Original Message-From: Calyn, Mike [mailto:[EMAIL PROTECTED]]Sent: Wednesday, September 26, 2001 3:05 PMTo: NT System Admin IssuesSubject: FW: OWA Password expires in 0 days I,ve got the same thing happening here. If I remember correctly it seems like it started with the latest round of viruses. Anybody else out there with this? Mike Calyn MacArthur Foundation -Original Message- From: Eric Larsen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 11:30 AM To: MS-Exchange Admin Issues Subject: OWA Password expires in 0 days When any of my users (including myself) log on to the owa page, the following error is displayed: Your current password is about to expire in 0 days. To change your password, go to the Options page after you login. You can then click OK and it launches the owa page. This has been going on for a week or so. so much for 0 days. When you click on the options page, then click on change password button, I get a page cannot be displayed error... what fun. any ideas? -Eric Larsen -Key Knife, Inc. List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm Want to unsub? Do that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try this one first:http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com
OT:IIS check this out
This looks pretty bad for the home team. As of resent events, I have been working over. Unfortunately I am salary, if I was hourly, I would probably be in a significantly higher tax bracket. http://www.theregister.co.uk/content/4/21853.html Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english
RE: Duplicate Name Found
wins??? That used to be my problem, I would remove the name from wins before reboot and never had a problem. -Original Message- From: Terrel Schimpf [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:44 AM To: NT System Admin Issues Subject: Duplicate Name Found I am getting Duplicate name found when I restart a NT server. I know that the name is not a duplicate. The only way I can get the server back on and working is to unplug the network connections and reboot the system. Once I login I can reconnect the network connections and all is well. Any ideas of what would make the server think there was a duplicate name? http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: NT 2000 Anti Virus for Server edition desktops
I used Trend Server Protect. And if you in the same situation as I am, I push the server protect from a central location and when they rebuild their box or remove it, I put it right back on. This is a weekly thing I check all names from a list and verify they are loaded. Developers can be such pains. -Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 10:08 AM To: NT System Admin Issues Subject: NT 2000 Anti Virus for Server edition desktops My developers are running NT 2000 Server edition on their machines for development reasons. (This allows them to develop and step through debugging completely through multi-tier components all on one machine) I have found that they do not have any virus protection on their machines, because the standard editions do not run on servers. Can anyone make a product recommendation for a product that will not necessarily include the entire enterprise support and admin overhead (and cost) for servers that actually SERVE something? Perhaps a desktop version of something reliable that will run servers as well? As you can expect, I am panicked at this point! http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: WARNING: Hacker Alert
If you have updated for Code Red, do we need to do anything? -Original Message- From: Marr, Chris [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 12:22 PM To: NT System Admin Issues Subject: RE: WARNING: Hacker Alert Usama Bin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 10:52 AM To: NT System Admin Issues Subject: RE: WARNING: Hacker Alert Why do people gotta do this shit now? damn...! -Original Message- From: Jason Morris [mailto:[EMAIL PROTECTED]] Sent: 18 September 2001 15:59 To: NT System Admin Issues Subject: RE: WARNING: Hacker Alert CodeRed seems to have dwindled to nothing on my logs. But it's being replaced with the EXACT same lines you have below, and they stay consistent with the code red 2 methods of attacking the more local subnets. Jason Morris CCDA CCNP Network Administrator MJMC, Inc. 708-225-2350 [EMAIL PROTECTED] -Original Message- From: Jason Morris [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 9:50 AM To: NT System Admin Issues Cc: '[EMAIL PROTECTED]' Subject: RE: WARNING: Hacker Alert Yes. It seems to be systems I have previously monitored hitting me with codered attacks. I bet someone is activating all of their children. Jason Morris CCDA CCNP Network Administrator MJMC, Inc. 708-225-2350 [EMAIL PROTECTED] -Original Message- From: xylog [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 9:45 AM To: NT System Admin Issues Subject: WARNING: Hacker Alert All my public facing web servers at home and at my office have shown a huge continuous hacking activity. Has anyone seen similar? I fear this may be code red related or automated. Please comment if you have seen similar. Here is an excerpt from one logfile: 63.101.9.107, -, 9/18/01, 10:36:21, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system 32/cmd.exe , /c+dir, 63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/..Á../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:33, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir, 64.156.252.27, -, 9/18/01, 10:36:42, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 72, 604, 404, 3, GET, /scripts/root.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 70, 604, 404, 3, GET, /MSADC/root.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 15, 80, 604, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:06, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system 32/cmd.exe , /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 15, 97, 604, 404, 3, GET, /scripts/..Á../winnt/system32/cmd.exe, /c+dir, 64.156.252.27, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -, 63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0,
RE: WARNING: Hacker Alert
Sp2 and all the critical updates. (Never infected by code red) -Original Message-From: Kelly Borndale [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 18, 2001 12:57 PMTo: NT System Admin IssuesSubject: Re: WARNING: Hacker Alert Did you apply the rollup fix, or just the code red fix? K.Borndale [EMAIL PROTECTED] -home email - Original Message - From: Luke Brumbaugh To: NT System Admin Issues Sent: Tuesday, September 18, 2001 12:38 PM Subject: RE: WARNING: Hacker Alert If you have updated for Code Red, do we need to do anything?-Original Message-From: Marr, Chris [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 18, 2001 12:22 PMTo: NT System Admin IssuesSubject: RE: WARNING: Hacker AlertUsama Bin -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 18, 2001 10:52 AMTo: NT System Admin IssuesSubject: RE: WARNING: Hacker AlertWhy do people gotta do this shit now? damn...! -Original Message- From: Jason Morris [mailto:[EMAIL PROTECTED]] Sent: 18 September 2001 15:59 To: NT System Admin Issues Subject: RE: WARNING: Hacker Alert CodeRed seems to have dwindled to nothing on my logs. But it's being replaced with the EXACT same lines you have below, and they stay consistent with the code red 2 methods of attacking the more local subnets. Jason Morris CCDA CCNP Network Administrator MJMC, Inc. 708-225-2350 [EMAIL PROTECTED] -Original Message- From: Jason Morris [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 9:50 AM To: NT System Admin Issues Cc: '[EMAIL PROTECTED]' Subject: RE: WARNING: Hacker Alert Yes. It seems to be systems I have previously monitored hitting me with codered attacks. I bet someone is activating all of their children. Jason Morris CCDA CCNP Network Administrator MJMC, Inc. 708-225-2350 [EMAIL PROTECTED] -Original Message- From: xylog [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 9:45 AM To: NT System Admin Issues Subject: WARNING: Hacker Alert All my public facing web servers at home and at my office have shown a huge continuous hacking activity. Has anyone seen similar? I fear this may be code red related or automated. Please comment if you have seen similar. Here is an excerpt from one logfile: 63.101.9.107, -, 9/18/01, 10:36:21, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system 32/cmd.exe , /c+dir, 63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/..Á../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:33, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir, 64.156.252.27, -, 9/18/01, 10:36:42, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 72, 604, 404, 3, GET, /scripts/root.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 70, 604, 404, 3, GET, /MSADC/root.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 15, 80, 604, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:06, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87
RE: Opinions on anti-virus software...
Title: Opinions on anti-virus software... Have you looked at Trend. I am having no problem, and I can control scans etc centrally. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Sent: Friday, September 14, 2001 3:44 PMTo: NT System Admin IssuesSubject: Opinions on anti-virus software... I'm attempting to make a final decision on anti-virus software for our network. We're running NT 4 SP6a to include IIS, Exchange etc. I am looking at Symantec software for the overall network. We're talking about $1,400 to purchase and being an admin for a city government network that's a whole lot of money. Any opinions good, bad, or indifferent. Please let me know. Ptl. Bob Couchman Unit 57 Network Administrator Madisonville Police Department 99 East Center Street Madisonville, KY 42431 (270) 821-1720 (270) 824-2115 (fax) [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Visit the Madisonville Police Department on the internet at http://www.madisonvillepd.com http://www.madisonvillepd.com/ http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com
RE: Opinions on anti-virus software...
Title: Opinions on anti-virus software... I have updates automated at 3:00 m-f and they are delivered to servers and scanmail. Then w/s are updated whenever they boot -up or when there is a pattern change. This saved my butt on the "I Love You" virus. The administration is basically a one time setup, then all virus alerts and such, I have set to email me. I think you can demo this. http:\\www.antivirus.comAt the time I was testing this, I had another guy help me, he did norton and I did Trend. He somehow send out a company wide update and rebooted every machine right in the middle of the day. That how I gotTrend and I stuck with it. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Sent: Friday, September 14, 2001 3:51 PMTo: NT System Admin IssuesSubject: RE: Opinions on anti-virus software... Have'nt looked. Will now though. How are the updates and what not? Ptl. Bob CouchmanUnit 57Network AdministratorMadisonville Police Department99 East Center StreetMadisonville, KY 42431(270) 821-1720(270) 824-2115 (fax)[EMAIL PROTECTED]Visit the Madisonville Police Department on the internet athttp://www.madisonvillepd.com -Original Message-From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]]Sent: Friday, September 14, 2001 14:48To: NT System Admin IssuesSubject: RE: Opinions on anti-virus software... Have you looked at Trend. I am having no problem, and I can control scans etc centrally. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Sent: Friday, September 14, 2001 3:44 PMTo: NT System Admin IssuesSubject: Opinions on anti-virus software... I'm attempting to make a final decision on anti-virus software for our network. We're running NT 4 SP6a to include IIS, Exchange etc. I am looking at Symantec software for the overall network. We're talking about $1,400 to purchase and being an admin for a city government network that's a whole lot of money. Any opinions good, bad, or indifferent. Please let me know. Ptl. Bob Couchman Unit 57 Network Administrator Madisonville Police Department 99 East Center Street Madisonville, KY 42431 (270) 821-1720 (270) 824-2115 (fax) [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Visit the Madisonville Police Department on the internet at http://www.madisonvillepd.com http://www.madisonvillepd.com/ http://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com
IEAK6
Has anyone had any experience with IEAK 6? I can't figure what I am doing wrong. If there is a good step-by-step or whitepaper, please let me know. Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Email content scanner/filter for exchange
Trend has one that fits in with the scanmail but and crucial but the content filtering with filter out stuff link Scuntville, Ireland. You can figure the word it was filtering out. If you are going to do this, have it move the messages instead of deleting. My advice. -Original Message- From: Mikelist (E-mail) [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 13, 2001 11:07 AM To: NT System Admin Issues Subject: Email content scanner/filter for exchange r there any products (preferable freeware) that fit this description. I wouldn't mind if there was a product out there that was a mail gateway/relay type software that did content scanning/filtering. -- Michael D. Plotsker Technology Consultant KJ Technology Consulting, Inc. T. 718-575-1595 C. 917-406-4215 F. 212-202-5013 [EMAIL PROTECTED] http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: NAV Virus Definitions
I used to do this with Norton, but I quit after doing several confidence tests. I used sysdiff from cd updated the dat ran a full scan of harddrive sysdiff /diff examined diff. deployed. You might do it another way, but that satisfied my needs. -Original Message-From: Len Hammond [mailto:[EMAIL PROTECTED]]Sent: Thursday, September 13, 2001 11:05 AMTo: NT System Admin IssuesSubject: RE: NAV Virus Definitions Don't use Norton but I don't test the signature files from Network Associates either. Am I missing something, such that I should start to test the signature files? Len Hammond Network Administrator Pontiac Coil, Inc. [EMAIL PROTECTED] -Original Message-From: Heavner, Charlie [mailto:[EMAIL PROTECTED]]Sent: Thursday, September 13, 2001 10:04 AMTo: NT System Admin IssuesSubject: NAV Virus Definitions I have briefly mentioned this one in another thread but I'd like to get a broader response. Does anybody TEST their Symantec Norton Anti-Virus signature files before making them available to production networked clients. OS's concerning me are: Win95 OSR2, WinNT4 SP4 and SP6, Win2K Pro. Versions of NAV include: 4.08, 5.0, 7.5ce. Thanks for any feedback, Charlie Jefferson Pilot Financial http://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com
RE: Automated e-mail-sending application?
sendmail with an at(schedule command) comes to mind. or write the letters with a don't deliver until date. -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 13, 2001 11:10 AM To: NT System Admin Issues Subject: OT: Automated e-mail-sending application? This isn't NT-specific, and for that I apologize. I wasn't sure where else to turn, though, for some expert advice. The Superintendent of our school district wants to be able to have an e-mail message automatically sent to staff members on their birthday. Can anyone recommend a simple application that will accomplish this? John Hornbuckle Network Manager Taylor County School District 318 North Clark Street Perry, FL 32347 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: IEAK6
I am doing more research right now and retrying this. This might be because I had a trashed box before I installed it. Either that or I trashed it when I installed it. -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 13, 2001 11:16 AM To: NT System Admin Issues Subject: RE: IEAK6 Yes. I have built our office version with it. Better question for you. What do you mean by doing wrong? What is happening? -Original Message- From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 13, 2001 7:11 AM To: NT System Admin Issues Subject: IEAK6 Has anyone had any experience with IEAK 6? I can't figure what I am doing wrong. If there is a good step-by-step or whitepaper, please let me know. Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: OT? perspective of events
I read about this. It's a NT box running a kinda Sniffer software. I have used sniffer, the log gets incredibly big in a short period of time. So, the idea of scanning an ip address or email header for certain patterns would only be possible. Wiretaps are common, but you can only monitor so many phones at a time. Same here with email and this Carnivore black box. So you ask yourself, are you doing something to be afraid of? If not, then why worry, sniffer doesn't work well on switched networks and as for internet, only terrorist and child pornographers have something to worry about. -Original Message- From: Benjamin Winzenz [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 9:51 AM To: NT System Admin Issues Subject: RE: OT? perspective of events I don't know how I feel about stuff like that yet. I think some of it may be warranted (we already know that any phone conversation basically can be recorded based on a myriad of words that are said). I think that the same type of thing monitoring e-mail would not be noticed by most. I think though, that if we were all told the extent of spying that the FBI already does, legally or illegally, we probably would be shocked. I almost think that things like that are better off kept silent. what the people don't know won't hurt them type of attitude. It's gonna get really interesting for a while here. As someone else said, we are in for a bit of a bumpy ride. As a side note, although I was not directly affected by the horrible acts that took place yesterday (no relatives), we will all be affected by this dastardly deed for a long time to come. My heart goes out to those who have experienced a loss. Even today, I still am in shock at what happened. At the same time, let us pray that our leaders make informed and wise decisions in the aftermath of what has happened. Ben Winzenz, MCSE Network/Systems Administrator Peregrine Systems, Inc. -Original Message- From: Kevin Lundy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 9:14 AM To: NT System Admin Issues Subject:OT? perspective of events My sympathies and thoughts go out to everyone directly affected by these cowardly acts. My thoughts also go out to the millions of us indirectly affected. Now to bring a slightly on-topic slant to the discussions - in recent months there has been considerable debate on Carnivore (the FBI's electronic snooping tool). In order to increase our security, I'm sure we Americans are going to have to give up some of our personal freedom and privacy. As IT pro's, has anyone's opinion of Carnivore changed? I know if someone had asked me the question on Monday, I was adamantly against Carnivore. Today, I'm willing to accept some software black-box scanning my email looking for suspicious activity. Thoughts? BTW - just because I am initiating a slightly on topic discussion, in no way am I suggesting that that the other threads stop. I'm all for them. Many of our list members are in NY and DC. Those who don't like the off topic discussions - learn to use the delete key or setup a filter or rule. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: NewYork Terrorist Attack
Title: RE: NewYork Terrorist Attack I heard that4 more planes are missing. I think something is seriously wrong here. How do you lose a plane? Radar??? -Original Message-From: Rogers, Jeff L (OM) [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 12:12 PMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack I think on the contrary the suggestion is appropriate. I didn't have the impression he suggested indiscriminate killing, but hey, if it's true certain peoples are dancing in the streets to celebrate this, then I say, pal, it's time to consider adding a couple new statesOIL PRODUCING ones! -Original Message-From: Les Bessant [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 10:47To: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack It would be wise to make sure you know who perpetrated these atrocities before suggesting that anyone else should die. -Original Message-From: David James [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 4:45 PMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack I don't mean to promote war, but we as a country HAVE to retaliate to this... F00k the 3rd world countries that harbor terrorists... -Original Message-From: Mal Sasalu [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 10:33 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack I watched over the television. The structures of both north and south towers of WTO came down with a huge blast and now they are basically a heap of rubble. -Original Message-From: Rogers, Jeff L (OM) [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 9:30 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack Could you confirm either more or less whether the structures are basically now grade level? -Original Message- From: Roman Bogdanov [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 10:24 To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Im about 40 blocks from the towers and we were all told we can go home but all the bridges and subways are closed so here i am trying to figure out a way to get to brooklyn. Roman Bogdanov Head of IT Support Jnana Technologies Corp. www.jnana.com 212-560-9151 ext. 202 212-560-9066 fax -Original Message- From: Richard Newton Jr. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:24 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Us in Jersey City, NJ (just across the water) were evacuated and sent home. Its going to be a long day for all. -Original Message- From: Jeff Pace [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:26 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack and it doesn't seem to be over yet. Jeff -Original Message- From: Andrew Baker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 8:19 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack This is an incredibly tragic day. Probably the most tragic for the US since the assassination of JFK - ASB -Original Message- From: Richard McMahon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:07 AM To: NT System Admin Issues Subject: NewYork Terrorist Attack Check out this link. http://www.skynews.co.uk/skynews/storytemplate/storytoppic/0,,3-1029 102, 00.html Hope out all you guys in the New York area are still with us.. Good luck, Richard http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: DNS problem
Did they hardcode the address in the dns? And is it replicated to all the nameservers registered. And is the ISP letting it go out the firewall? -Original Message-From: Matt Moore [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 1:39 PMTo: NT System Admin IssuesSubject: DNS problem A customer has a pure 2000 network. From the insidewe are able to resolve all names internal and external with the exception of their web page which is hosted off site. The internal DNSforwarders are set totalk to the ISP's DNS servers. All of the ISP's DNS records are correct. The ISP hosts their web page. Anybody got any ideas. Matt MooreMCSE, MCP+I, NCSS, HPhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com
RE: DNS problem
Yes I would hardcode it in dns, how else would you get the isp in AD? -Original Message-From: Matt Moore [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 2:29 PMTo: NT System Admin IssuesSubject: Re: DNS problem sorry if this doubles up but it didn't come through on the last reply. Hard coding was my next step. If I use the ISP's DNS servers instead of the internal one it works just fine how ever when we do this the mail goes down the tube. I don't really know what the ISP let's in and out of there fire wall the cust has a cheese ball little firewall one of the pick and choose variety. the only ports open are http, smtp, and pop. - Original Message - From: Luke Brumbaugh To: NT System Admin Issues Sent: Tuesday, September 11, 2001 10:40 AM Subject: RE: DNS problem Did they hardcode the address in the dns? And is it replicated to all the nameservers registered. And is the ISP letting it go out the firewall? -Original Message-From: Matt Moore [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 1:39 PMTo: NT System Admin IssuesSubject: DNS problem A customer has a pure 2000 network. From the insidewe are able to resolve all names internal and external with the exception of their web page which is hosted off site. The internal DNSforwarders are set totalk to the ISP's DNS servers. All of the ISP's DNS records are correct. The ISP hosts their web page. Anybody got any ideas. Matt MooreMCSE, MCP+I, NCSS, HPhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com
RE: Installing second CPU
Title: Installing second CPU Make sure you have loaded NT with multiprocessor option before hand, if not you may have problems. There was a tool to update processor withouthaving to rebuild but I wouldn't recommend it unless you absolutely know the driver for that multiprocessor. -Original Message-From: Blake R. Fowkes [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 2:41 PMTo: NT System Admin IssuesSubject: Installing second CPU I am wanting to install a second processor in my Dell 1400 server. Can anyone point me in the right direction as to what I will need to do to Windows NT 4.0 server to make sure I do not mess things up. Thanks, Blake Fowkes Waid and Associates http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com
RE: NewYork Terrorist Attack
Title: RE: NewYork Terrorist Attack Thank you, I beleive it was another Canadian who stood up and said How America (United States) was always the first to help other countries in distress, but who helps them when they were in a crisis. It's nice to have FRIENDS up north. I applaud you sir. -Original Message-From: Mal Sasalu [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 3:39 PMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack Murray, believe me they will (US). I am a Canadian saying this. If you knew what happens around the world you wouldn't say this. Any natural catastrophe or otherwise in any part of the world, America is the first one to respond. If you don't know ask people who were torn by earthquakes in Turkey, India, Mexico - - -. Don't get into hair splitting exercise. Mal -Original Message-From: Murray Binette [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 1:11 PMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack I find it hard to beleive that the US would give a rats ass if something similar happened in Toronto or Edmonton. -Original Message-From: Paul Armstrong [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 12:13 PMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack How is this relevant? Well, I know some people who work in the WTC who are sys admins and I haven't been able to contact them since the crisis. Obviously there are others who are sys admins who probably lost there lives in this situation. I take it you know noone in NYC and probably dont care. I guess I wouldn't be wrong if the roles were reversed and this happened in your home town and you were caught in the middle of this thing and I didn't care. If you dont like the posts relating to this event, you could always filter them or simply unsubscribe, who cares since you have no sympathy for what has happened today! If this situation gets larger than what it already is and it starts to effect you, you will then find out the relevance to this list!! http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com
RE: How do I do this?
nt 4 or 2000? -Original Message- From: William Rogge [mailto:[EMAIL PROTECTED]] Sent: Monday, September 10, 2001 2:40 PM To: NT System Admin Issues Subject: How do I do this? This should be simple, but I must be missing something. How can I generate a file or printout of our SAM? I need to make a change to a number of users, but at the same time want to make sure that everyone has some specific settings. I can not find anything on printing out user information including groups and profile information. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Very stranger Email.. Cannot be block..
why don't you use samspade or something to get the ip address from originator and block the ip to the exchange server. If still a problem send letter to [EMAIL PROTECTED] or call them. -Original Message- From: Albert Chong [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 10:46 AM To: NT System Admin Issues Subject: Very stranger Email.. Cannot be block.. Hello all, We have very strange email issue. Everyone in our company receive one email everyday. I cannot block that email. We are using Proxy server in the outside. Exchange server go through proxy server to get and send the email. We started to receive a very strange email couple weeks ago from [EMAIL PROTECTED]. I tried to block email from Exchange. But that is not working. I still receive same email everyday. I am pretty sure I block that email from exchange server. I test that using telnet into my exchange port and using the mail from: [EMAIL PROTECTED].. I am not receive anymore. Do anyone can tell me how I can track where is the email coming from in more detail level?? I can do more detail troubleshooting. Thank you all http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: windows 2000 login script entry
*user.bat call r user1 call r user2 . . . *r.bat net user %1 /scriptpath:login.bat -Original Message- From: Paul Green [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 4:31 PM To: NT System Admin Issues Subject: windows 2000 login script entry Anyone know how to do a batch edit of all users? I need to change everyone's login script to login.bat. I have about 150 users to change. I'm using Windows 2000 Server with AD. Thanks, Paul _ Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (www.grisoft.com). Version: 6.0.274 / Virus Database: 144 - Release Date: 8/23/2001 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: User List
net user /domain user.txt -Original Message- From: Joe Heaton [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 28, 2001 3:24 PM To: NT System Admin Issues Subject: User List Is there any easy way to print out a current list of all NT user accounts? I did print screens, but there has to be an easier way. Joseph L. Heaton, MCSE NT Administrator FDI Consulting, Inc. 1610 Arden Way, Suite 145 Sacramento, CA 95815 (916)921-4390 x.228 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Code Red Rant
Hummm let's see I logged 4,500 address in the last month. All Machines get hit every 10 - 30 minutes. I have to double and triple check the network every morning to make sure that if any machine got rebuilt that it is protected with service packs and virus protection and all are up to date. Locking off port 80 is not an option, that's the business. It used to be simpler. Unfortunately I am a one man show, I have no help. I have a wife and newborn, that I would like to see. I work smarter and not harder. -Original Message- From: Andrew S. Baker [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 8:19 PM To: NT System Admin Issues Subject: RE: Code Red Rant Um Are you complaining about yourself? == ASB - http://www.ultratech-llc.com/KB/?File=~MoreInfo.TXT == Listen to others, even the dull and ignorant; they too have their story. -- from Desiderata -Original Message- From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 9:48 AM To: NT System Admin Issues Subject: OT:Code Red Rant Last night I am building a test box for 2000 AD. I had to format a 2nd drive to load AD and stuff. It was going to take a while so I left and went home. When I got in this morning, I had messages from other people saying that they had got the code red. I hadn't even got to the updates yet. What a pain! So now I am rebuilding. Will other people please fix this. It is such a pain, our logs are filled with hundreds of ip addresses trying to infect us. We got spam abuse, why can't we have a place that puts people's ip in for not fixing their virus problems! Luke L. Brumbaugh System Administrator,MCSE Ultryx Corporation mailto:[EMAIL PROTECTED] http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: SMTP Address addition on Exchange 5.5
Export the address list from exchange (use header.exe for bork resource kit) pull up in excel. add the seconardy address and reimport. -Original Message-From: Ryan McBride [mailto:[EMAIL PROTECTED]]Sent: Friday, August 24, 2001 12:18 AMTo: NT System Admin IssuesSubject: RE: SMTP Address addition on Exchange 5.5 Create a distribution list address, give that a SMTP address, then place all the users you want to receive email from DL in it and VOLA, Bobs your uncle (or maybe not :-)) -Original Message-From: Brandon Bristow [mailto:[EMAIL PROTECTED]]Sent: Friday, 24 August 2001 5:44 AMTo: NT System Admin IssuesSubject: SMTP Address addition on Exchange 5.5 Im sure someone out there has done this before. Basically I need to add another SMTP Address to all of my recipients. Im hoping to do this all at once instead of having to go through one at a time and add this manually. Anyone have any ideas? I would assume there is some third party software out there that might make this easier. Any recommendations? http://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com
RE: Code Red Rant
OK this is getting kinda nasty. So I'll ask, because I'd love to. How does one download all the SP's, hotfixes, security updates, etc. other than going to windowsupdate.microsoft.com? (SP2 I got,I need the rest). By the way, unless you forgot there was a time, you loaded all your programs on a server or networked CD pack and would load all you machines from a central location. Ghost images were on net, you could multicast 20 at a time. -Original Message- From: Kevin Lundy [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 8:59 AM To: NT System Admin Issues Subject: RE: Code Red Rant If you are working smarter, then simply keep the servers off the public network until the system in secured. Burn a CD with the SPs and hotfixes. That is probably faster than downloading them each time for each server. Sure locking off port 80 is an option for any business. If the server is getting rebuilt, then there shouldn't be any legitimate traffic to it yet, so block 80 to that new server until configured. If you are so busy rebuilding servers that you need to double check every morning, then you have enough volume to justify imaging - so image your servers from a secured image. Welcome to the world of security. Security is a never ending job. But don't rant about something that you are just as guilty of - some of those 4,500 addresses are quite possibly servers rebuilt the night before just like you. -Original Message- From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 7:31 AM To: NT System Admin Issues Subject: RE: Code Red Rant Hummm let's see I logged 4,500 address in the last month. All Machines get hit every 10 - 30 minutes. I have to double and triple check the network every morning to make sure that if any machine got rebuilt that it is protected with service packs and virus protection and all are up to date. Locking off port 80 is not an option, that's the business. It used to be simpler. Unfortunately I am a one man show, I have no help. I have a wife and newborn, that I would like to see. I work smarter and not harder. -Original Message- From: Andrew S. Baker [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 8:19 PM To: NT System Admin Issues Subject: RE: Code Red Rant Um Are you complaining about yourself? == ASB - http://www.ultratech-llc.com/KB/?File=~MoreInfo.TXT == Listen to others, even the dull and ignorant; they too have their story. -- from Desiderata -Original Message- From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 9:48 AM To: NT System Admin Issues Subject: OT:Code Red Rant Last night I am building a test box for 2000 AD. I had to format a 2nd drive to load AD and stuff. It was going to take a while so I left and went home. When I got in this morning, I had messages from other people saying that they had got the code red. I hadn't even got to the updates yet. What a pain! So now I am rebuilding. Will other people please fix this. It is such a pain, our logs are filled with hundreds of ip addresses trying to infect us. We got spam abuse, why can't we have a place that puts people's ip in for not fixing their virus problems! Luke L. Brumbaugh System Administrator,MCSE Ultryx Corporation mailto:[EMAIL PROTECTED] http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Code Red Rant
Thank-you, thank -you You have made my day!!! I have looked for this, I don't how many times, and gave up cuz I was in a crunch. Thank-you again. -Original Message- From: Brian Caisse [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 9:37 AM To: NT System Admin Issues Subject: RE: Code Red Rant http://corporate.windowsupdate.microsoft.com -Original Message- From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 9:23 AM To: NT System Admin Issues Subject: RE: Code Red Rant OK this is getting kinda nasty. So I'll ask, because I'd love to. How does one download all the SP's, hotfixes, security updates, etc. other than going to windowsupdate.microsoft.com? (SP2 I got,I need the rest). By the way, unless you forgot there was a time, you loaded all your programs on a server or networked CD pack and would load all you machines from a central location. Ghost images were on net, you could multicast 20 at a time. -Original Message- From: Kevin Lundy [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 8:59 AM To: NT System Admin Issues Subject: RE: Code Red Rant If you are working smarter, then simply keep the servers off the public network until the system in secured. Burn a CD with the SPs and hotfixes. That is probably faster than downloading them each time for each server. Sure locking off port 80 is an option for any business. If the server is getting rebuilt, then there shouldn't be any legitimate traffic to it yet, so block 80 to that new server until configured. If you are so busy rebuilding servers that you need to double check every morning, then you have enough volume to justify imaging - so image your servers from a secured image. Welcome to the world of security. Security is a never ending job. But don't rant about something that you are just as guilty of - some of those 4,500 addresses are quite possibly servers rebuilt the night before just like you. -Original Message- From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 7:31 AM To: NT System Admin Issues Subject: RE: Code Red Rant Hummm let's see I logged 4,500 address in the last month. All Machines get hit every 10 - 30 minutes. I have to double and triple check the network every morning to make sure that if any machine got rebuilt that it is protected with service packs and virus protection and all are up to date. Locking off port 80 is not an option, that's the business. It used to be simpler. Unfortunately I am a one man show, I have no help. I have a wife and newborn, that I would like to see. I work smarter and not harder. -Original Message- From: Andrew S. Baker [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 8:19 PM To: NT System Admin Issues Subject: RE: Code Red Rant Um Are you complaining about yourself? == ASB - http://www.ultratech-llc.com/KB/?File=~MoreInfo.TXT == Listen to others, even the dull and ignorant; they too have their story. -- from Desiderata -Original Message- From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 9:48 AM To: NT System Admin Issues Subject: OT:Code Red Rant Last night I am building a test box for 2000 AD. I had to format a 2nd drive to load AD and stuff. It was going to take a while so I left and went home. When I got in this morning, I had messages from other people saying that they had got the code red. I hadn't even got to the updates yet. What a pain! So now I am rebuilding. Will other people please fix this. It is such a pain, our logs are filled with hundreds of ip addresses trying to infect us. We got spam abuse, why can't we have a place that puts people's ip in for not fixing their virus problems! Luke L. Brumbaugh System Administrator,MCSE Ultryx Corporation mailto:[EMAIL PROTECTED] http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Codered?
Title: Message Same here. If you use that coroporate.windowsupdate.microsoft.com you can drag to cd or spare drive on Computer, unplug from net and load OS. I did this and now I am fine. Read "Code Red Rant" message thread. -Original Message-From: Niki Blowfield [mailto:[EMAIL PROTECTED]]Sent: Friday, August 24, 2001 9:59 AMTo: NT System Admin IssuesSubject: Codered? Hi I installed a Win2k Advanced server in a kind of test environment on a public IP address last thing yesterday, and it appeared to pick up the codered worm overnight. i got an email from one admin, and an automated message from a website i re-installed 2k serv and applied the IIS patches, I also applied the patches to my 2 NT servers which have IIS4 running, albeit on a private subnet i have since noticed LOTS of traffic coming in through our single ADSL connection i can remove our Firewall from the ADSL router, so its connected only to the web, but the traffic continues on the router indicator lights, so it doesnt seem to be originating from our network the 2000 server is the only device on our network providing any kind of services to the internet, and that is currently offline we have no way of connecting to the router to check logs, but if I bring the 2000 server online, and run netmon, i get constant entries like the following; SRC MAC Address - FLOW00.. Dest MAC Address - LOCAL Protocol - TCP SRC Other Address - 213.66.79.235 Dest Other Address - WIN2KADVSERV Type Other Add - IP do we still have a problem? or are these other sites with the virus attempting to send it to us?http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com
Reporting Code red
Is there a website, or agency or whatever that you can report Code Red web hits to. We are getting hit from Concentric, and msn and I do have the ipaddress' It's not a problem here, just irritating. Luke L. Brumbaugh System Administrator,MCSE Ultryx Corporation mailto:[EMAIL PROTECTED] Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Domain Issue
Title: Domain Issue check to see if you domain controllers are up. (see if you can logon from another box) then remove your workstation from domain and readd -Original Message-From: Network Issues [mailto:[EMAIL PROTECTED]]Sent: Friday, August 17, 2001 1:47 PMTo: NT System Admin IssuesSubject: Domain Issue Goodmorning All, I was wondering if someone can give me an idea why I'm getting this message when attempting to log on to my domain. "The computer log you on now because the domain DomainName is not available." This is from an NTWS4/SP6a. I can connect to any and all network resources, but I'm unable to log onto the domain from the workstation. The only way I can log on is on the local box. Any suggestions? TIA Ron http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com
RE: Change Admins Password
Title: RE: 2000 Server SP2 Blue dump with 512mb memory All services that might be running under administrator. change the password for administrator, then change each service that is running under the administrator account. Stop and restart service or just reboot the machine when you are done. -Original Message-From: Mal Sasalu [mailto:[EMAIL PROTECTED]]Sent: Thursday, August 16, 2001 4:31 PMTo: NT System Admin IssuesSubject: Change Admins Password Hey guys, I think it is about time for me to change the built in Domain administrator password. We have NT domain controllers and couple of W2K servers. Is there anything that I have to look into closely, before I go about doing this. Thanks in advance for all your help. Malhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com
RE: MS patch-scanner for Win-NT, 2K, IIS, SQL
SO when can we download and from where? -Original Message- From: Nail, Larry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 15, 2001 10:01 AM To: NT System Admin Issues Subject: RE: MS patch-scanner for Win-NT, 2K, IIS, SQL Due to time outs at the register. Frequently Asked Questions about the Microsoft Network Security Hotfix Checker (Hfnetchk.exe) Tool http://support.microsoft.com/support/kb/articles/q305/3/85.ASP -Original Message- From: Phillips, Glen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 15, 2001 4:06 AM To: NT System Admin Issues Subject: MS patch-scanner for Win-NT, 2K, IIS, SQL This sounds like it will save everyone a lot of stress http://www.theregister.co.uk/content/4/21019.html I've checked and the notes for it aren't up at this point in time but should be soon http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: NT TIME SYNCHRONIZATION
Pick one, look at toucows, ntreskit etc. All you need is one. -Original Message- From: Murray Freeman [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 14, 2001 1:21 PM To: NT System Admin Issues Subject: RE: NT TIME SYNCHRONIZATION That's my plan, now I'm looking for an NT4 version of a cheap program to sync the server. Murray -Original Message- From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 14, 2001 11:41 AM To: NT System Admin Issues Subject: RE: NT TIME SYNCHRONIZATION I would have one server go to net and sync every 10 - 15 minutes then use w32time or a schedule command 'at 12:00 /every m,t,w,th,f,s,su net time \\server /set /y' -Original Message- From: Murray Freeman [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 14, 2001 12:08 PM To: NT System Admin Issues Subject: NT TIME SYNCHRONIZATION What software do you recommend for synchronizing your servers to the correct time? Our login scripts to our workstations syncs to the servers, and I've noticed our servers are losing time faster than I thought. Murray http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Adding users to 2000 AD
Yep you got it, I assume this works like the exchange export and import. I create the accounts, export to csv, edit in excel, and import? -Original Message- From: Joe Casale [mailto:[EMAIL PROTECTED]] Sent: Monday, August 13, 2001 1:12 PM To: NT System Admin Issues Subject: RE: Adding users to 2000 AD That's it! Thanks dude! jlc -Original Message- From: Spencer Kent [mailto:[EMAIL PROTECTED]] Sent: Monday, August 13, 2001 11:11 AM To: NT System Admin Issues Subject: RE: Adding users to 2000 AD .. here's the link for info http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/WIN DOWS2000/en/server/help/sag_ad_ldif_csv.htm Kent --- Joe Casale [EMAIL PROTECTED] wrote: Darn it. I was looking anyway cuz you spiked my curiosity, and I cant find any notes in my mini KB. Ill check into it more! jlc -Original Message- From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]] Sent: Monday, August 13, 2001 10:59 AM To: NT System Admin Issues Subject: RE: Adding users to 2000 AD I've been looking, I didn't see anything except addusers. (doesn't fill out the rest of extra notes) -Original Message- From: Joe Casale [mailto:[EMAIL PROTECTED]] Sent: Monday, August 13, 2001 12:51 PM To: NT System Admin Issues Subject: RE: Adding users to 2000 AD I recall reskit utils that allow this. If you have the rekits, hunt around. I did this along time ago, if you cant find it the reskit, Ill look around. jlc -Original Message- From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]] Sent: Monday, August 13, 2001 10:49 AM To: NT System Admin Issues Subject: Adding users to 2000 AD This may have been asked before but I do not recall seeing this. When you add a user to active directory, you have all these options you can fill out. Much like exchange mail, you have office, phone, manager etc. Is there a way to export this or import these extra notes say via an excel spreadsheet etc. Luke L. Brumbaugh System Administrator,MCSE Ultryx Corporation mailto:[EMAIL PROTECTED] Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm __ Do You Yahoo!? Send instant messages get email alerts with Yahoo! Messenger. http://im.yahoo.com/ http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm